Show number of new findings for OSH scans #390
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Rebuild & push images | |
on: | |
push: | |
branches: | |
- main | |
- stable | |
jobs: | |
build-n-push: | |
# To not run in forks | |
if: github.repository_owner == 'packit' | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- dockerfile: Dockerfile | |
image: dashboard | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Extract branch name and set tag | |
shell: bash | |
run: | | |
branch=${GITHUB_REF#refs/heads/} | |
tag="" | |
api="" | |
case $branch in | |
main) | |
tag="stg latest" | |
api="https://stg.packit.dev/api" | |
;; | |
stable) | |
tag="prod" | |
api="https://prod.packit.dev/api" | |
;; | |
esac | |
echo "branch=${branch}" >> $GITHUB_OUTPUT | |
unique_tag="${branch}-${GITHUB_SHA::7}" | |
echo "tag=${tag} ${unique_tag}" >> $GITHUB_OUTPUT | |
echo "api=${api}" >> $GITHUB_OUTPUT | |
echo "commit_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT | |
id: branch_tag | |
- name: Set up secret file needed for the build | |
run: echo "$SENTRY_AUTH_TOKEN" > /tmp/sentry-secret | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
- name: Build Image | |
id: build-image | |
# https://github.com/marketplace/actions/buildah-build | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
dockerfiles: ${{ matrix.dockerfile }} | |
image: ${{ matrix.image }} | |
tags: ${{ steps.branch_tag.outputs.tag }} | |
build-args: | | |
VITE_API_URL=${{ steps.branch_tag.outputs.api }} | |
VITE_GIT_SHA=${{ steps.branch_tag.outputs.commit_sha }} | |
extra-args: | | |
--secret id=sentry_auth_token,src=/tmp/sentry-secret | |
oci: true | |
- name: Push To Quay | |
# https://github.com/marketplace/actions/push-to-registry | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: quay.io/packit | |
username: ${{ secrets.QUAY_IMAGE_BUILDER_USERNAME }} | |
password: ${{ secrets.QUAY_IMAGE_BUILDER_TOKEN }} |